From patchwork Sun Jan 28 12:45:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Otcheretianski X-Patchwork-Id: 866812 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="OxpQk1PJ"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zTp886TfVz9t3v for ; Sun, 28 Jan 2018 21:01:44 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=qgEasjaHruPTTb3+yzMWP/2IMk1pxA4fpgQbLXI4FZw=; b=OxpQk1PJx8FhkxxihI+Ns7tuVM NnvHjUoUc1q/48+rcrr5QRH75vaE+3zb2uTHpJJIx1pS626MQ83eJWHc6YmbNT7H2MFsSgH1FOV3K 0txEUovp+n0o8RW1LCk7H1vF3NWeXq88wHctjNNmCUq39wtig4oRwOrsnvPIo1WsoMjzS4vd65rMe pWdo5K/Nk7MTx3aOWiWnHAZ08RHcpbuQmzOTXb5MGhhFXp7CpUKEhym7wR9wH5y9A5ypiIeC6ZnKp FdokwncItlnXjITG1vs8g7TTkNGYAGtI1xFRF6blpcO1eZp8hWvQdSsuzTVOw1ysZPJWS5QeJNbhv zFGJOl4w==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1efjmH-00057z-BT; Sun, 28 Jan 2018 10:01:33 +0000 Received: from mga12.intel.com ([192.55.52.136]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1efjm9-0004zt-9G for hostap@lists.infradead.org; Sun, 28 Jan 2018 10:01:27 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Jan 2018 01:47:54 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,426,1511856000"; d="scan'208";a="14046264" Received: from unknown (HELO andrei-XPS-12-9Q33.ger.corp.intel.com) ([10.12.217.183]) by orsmga006.jf.intel.com with ESMTP; 28 Jan 2018 01:47:52 -0800 From: Andrei Otcheretianski To: hostap@lists.infradead.org Subject: [PATCH 1/7] driver_nl80211: Sync nl80211_copy.h with latest mac80211-next tree Date: Sun, 28 Jan 2018 14:45:31 +0200 Message-Id: <1517143537-7441-2-git-send-email-andrei.otcheretianski@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> References: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> X-Spam-Note: CRM114 invocation failed X-Spam-Score: -1.9 (-) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-1.9 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Andrei Otcheretianski MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Signed-off-by: Andrei Otcheretianski --- src/drivers/nl80211_copy.h | 162 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 146 insertions(+), 16 deletions(-) diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h index 6095a6c..c587a61 100644 --- a/src/drivers/nl80211_copy.h +++ b/src/drivers/nl80211_copy.h @@ -173,6 +173,29 @@ */ /** + * DOC: WPA/WPA2 EAPOL handshake offload + * + * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers + * can indicate they support offloading EAPOL handshakes for WPA/WPA2 + * preshared key authentication. In %NL80211_CMD_CONNECT the preshared + * key should be specified using %NL80211_ATTR_PMK. Drivers supporting + * this offload may reject the %NL80211_CMD_CONNECT when no preshared + * key material is provided, for example when that driver does not + * support setting the temporal keys through %CMD_NEW_KEY. + * + * Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be + * set by drivers indicating offload support of the PTK/GTK EAPOL + * handshakes during 802.1X authentication. In order to use the offload + * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS + * attribute flag. Drivers supporting this offload may reject the + * %NL80211_CMD_CONNECT when the attribute flag is not present. + * + * For 802.1X the PMK or PMK-R0 are set by providing %NL80211_ATTR_PMK + * using %NL80211_CMD_SET_PMK. For offloaded FT support also + * %NL80211_ATTR_PMKR0_NAME must be provided. + */ + +/** * DOC: FILS shared key authentication offload * * FILS shared key authentication offload can be advertized by drivers by @@ -387,7 +410,9 @@ * are used. Extra IEs can also be passed from the userspace by * using the %NL80211_ATTR_IE attribute. The first cycle of the * scheduled scan can be delayed by %NL80211_ATTR_SCHED_SCAN_DELAY - * is supplied. + * is supplied. If the device supports multiple concurrent scheduled + * scans, it will allow such when the caller provides the flag attribute + * %NL80211_ATTR_SCHED_SCAN_MULTI to indicate user-space support for it. * @NL80211_CMD_STOP_SCHED_SCAN: stop a scheduled scan. Returns -ENOENT if * scheduled scan is not running. The caller may assume that as soon * as the call returns, it is safe to start a new scheduled scan again. @@ -544,8 +569,14 @@ * authentication/association or not receiving a response from the AP. * Non-zero %NL80211_ATTR_STATUS_CODE value is indicated in that case as * well to remain backwards compatible. - * @NL80211_CMD_ROAM: request that the card roam (currently not implemented), - * sent as an event when the card/driver roamed by itself. + * When establishing a security association, drivers that support 4 way + * handshake offload should send %NL80211_CMD_PORT_AUTHORIZED event when + * the 4 way handshake is completed successfully. + * @NL80211_CMD_ROAM: Notification indicating the card/driver roamed by itself. + * When a security association was established with the new AP (e.g. if + * the FT protocol was used for roaming or the driver completed the 4 way + * handshake), this event should be followed by an + * %NL80211_CMD_PORT_AUTHORIZED event. * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify * userspace that a connection was dropped by the AP or due to other * reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and @@ -945,6 +976,22 @@ * does not result in a change for the current association. Currently, * only the %NL80211_ATTR_IE data is used and updated with this command. * + * @NL80211_CMD_SET_PMK: For offloaded 4-Way handshake, set the PMK or PMK-R0 + * for the given authenticator address (specified with &NL80211_ATTR_MAC). + * When &NL80211_ATTR_PMKR0_NAME is set, &NL80211_ATTR_PMK specifies the + * PMK-R0, otherwise it specifies the PMK. + * @NL80211_CMD_DEL_PMK: For offloaded 4-Way handshake, delete the previously + * configured PMK for the authenticator address identified by + * &NL80211_ATTR_MAC. + * @NL80211_CMD_PORT_AUTHORIZED: An event that indicates that the 4 way + * handshake was completed successfully by the driver. The BSSID is + * specified with &NL80211_ATTR_MAC. Drivers that support 4 way handshake + * offload should send this event after indicating 802.11 association with + * &NL80211_CMD_CONNECT or &NL80211_CMD_ROAM. If the 4 way handshake failed + * &NL80211_CMD_DISCONNECT should be indicated instead. + * + * @NL80211_CMD_RELOAD_REGDB: Request that the regdb firmware file is reloaded. + * * @NL80211_CMD_MAX: highest used command number * @__NL80211_CMD_AFTER_LAST: internal use */ @@ -1144,6 +1191,13 @@ enum nl80211_commands { NL80211_CMD_UPDATE_CONNECT_PARAMS, + NL80211_CMD_SET_PMK, + NL80211_CMD_DEL_PMK, + + NL80211_CMD_PORT_AUTHORIZED, + + NL80211_CMD_RELOAD_REGDB, + /* add new commands above here */ /* used to define NL80211_CMD_MAX below */ @@ -1366,8 +1420,12 @@ enum nl80211_commands { * * @NL80211_ATTR_USE_MFP: Whether management frame protection (IEEE 802.11w) is * used for the association (&enum nl80211_mfp, represented as a u32); - * this attribute can be used - * with %NL80211_CMD_ASSOCIATE and %NL80211_CMD_CONNECT requests + * this attribute can be used with %NL80211_CMD_ASSOCIATE and + * %NL80211_CMD_CONNECT requests. %NL80211_MFP_OPTIONAL is not allowed for + * %NL80211_CMD_ASSOCIATE since user space SME is expected and hence, it + * must have decided whether to use management frame protection or not. + * Setting %NL80211_MFP_OPTIONAL with a %NL80211_CMD_CONNECT request will + * let the driver (or the firmware) decide whether to use MFP or not. * * @NL80211_ATTR_STA_FLAGS2: Attribute containing a * &struct nl80211_sta_flag_update. @@ -1868,11 +1926,10 @@ enum nl80211_commands { * that configured the indoor setting, and the indoor operation would be * cleared when the socket is closed. * If set during NAN interface creation, the interface will be destroyed - * if the socket is closed just like any other interface. Moreover, only - * the netlink socket that created the interface will be allowed to add - * and remove functions. NAN notifications will be sent in unicast to that - * socket. Without this attribute, any socket can add functions and the - * notifications will be sent to the %NL80211_MCGRP_NAN multicast group. + * if the socket is closed just like any other interface. Moreover, NAN + * notifications will be sent in unicast to that socket. Without this + * attribute, the notifications will be sent to the %NL80211_MCGRP_NAN + * multicast group. * If set during %NL80211_CMD_ASSOCIATE or %NL80211_CMD_CONNECT the * station will deauthenticate when the socket is closed. * @@ -2078,8 +2135,23 @@ enum nl80211_commands { * identifying the scope of PMKSAs. This is used with * @NL80211_CMD_SET_PMKSA and @NL80211_CMD_DEL_PMKSA. * - * @NL80211_ATTR_PMK: PMK for the PMKSA identified by %NL80211_ATTR_PMKID. - * This is used with @NL80211_CMD_SET_PMKSA. + * @NL80211_ATTR_PMK: attribute for passing PMK key material. Used with + * %NL80211_CMD_SET_PMKSA for the PMKSA identified by %NL80211_ATTR_PMKID. + * For %NL80211_CMD_CONNECT it is used to provide PSK for offloading 4-way + * handshake for WPA/WPA2-PSK networks. For 802.1X authentication it is + * used with %NL80211_CMD_SET_PMK. For offloaded FT support this attribute + * specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME is included as well. + * + * @NL80211_ATTR_SCHED_SCAN_MULTI: flag attribute which user-space shall use to + * indicate that it supports multiple active scheduled scan requests. + * @NL80211_ATTR_SCHED_SCAN_MAX_REQS: indicates maximum number of scheduled + * scan request that may be active for the device (u32). + * + * @NL80211_ATTR_WANT_1X_4WAY_HS: flag attribute which user-space can include + * in %NL80211_CMD_CONNECT to indicate that for 802.1X authentication it + * wants to use the supported offload of the 4-way handshake. + * @NL80211_ATTR_PMKR0_NAME: PMK-R0 Name for offloaded FT. + * @NL80211_ATTR_PORT_AUTHORIZED: (reserved) * * @NUM_NL80211_ATTR: total number of nl80211_attrs available * @NL80211_ATTR_MAX: highest attribute number currently defined @@ -2500,6 +2572,13 @@ enum nl80211_attrs { NL80211_ATTR_PMK, + NL80211_ATTR_SCHED_SCAN_MULTI, + NL80211_ATTR_SCHED_SCAN_MAX_REQS, + + NL80211_ATTR_WANT_1X_4WAY_HS, + NL80211_ATTR_PMKR0_NAME, + NL80211_ATTR_PORT_AUTHORIZED, + /* add attributes here, update the policy in nl80211.c */ __NL80211_ATTR_AFTER_LAST, @@ -3184,6 +3263,7 @@ enum nl80211_reg_rule_attr { * @__NL80211_SCHED_SCAN_MATCH_ATTR_INVALID: attribute number 0 is reserved * @NL80211_SCHED_SCAN_MATCH_ATTR_SSID: SSID to be used for matching, * only report BSS with matching SSID. + * (This cannot be used together with BSSID.) * @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI: RSSI threshold (in dBm) for reporting a * BSS in scan results. Filtering is turned off if not specified. Note that * if this attribute is in a match set of its own, then it is treated as @@ -3199,6 +3279,8 @@ enum nl80211_reg_rule_attr { * BSS-es in the specified band is to be adjusted before doing * RSSI-based BSS selection. The attribute value is a packed structure * value as specified by &struct nl80211_bss_select_rssi_adjust. + * @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID: BSSID to be used for matching + * (this cannot be used together with SSID). * @NL80211_SCHED_SCAN_MATCH_ATTR_MAX: highest scheduled scan filter * attribute number currently defined * @__NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST: internal use @@ -3210,6 +3292,7 @@ enum nl80211_sched_scan_match_attr { NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, NL80211_SCHED_SCAN_MATCH_ATTR_RELATIVE_RSSI, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI_ADJUST, + NL80211_SCHED_SCAN_MATCH_ATTR_BSSID, /* keep last */ __NL80211_SCHED_SCAN_MATCH_ATTR_AFTER_LAST, @@ -3779,6 +3862,9 @@ enum nl80211_bss_scan_width { * @NL80211_BSS_PARENT_BSSID. (u64). * @NL80211_BSS_PARENT_BSSID: the BSS according to which @NL80211_BSS_PARENT_TSF * is set. + * @NL80211_BSS_CHAIN_SIGNAL: per-chain signal strength of last BSS update. + * Contains a nested array of signal strength attributes (u8, dBm), + * using the nesting index as the antenna number. * @__NL80211_BSS_AFTER_LAST: internal * @NL80211_BSS_MAX: highest BSS attribute */ @@ -3802,6 +3888,7 @@ enum nl80211_bss { NL80211_BSS_PAD, NL80211_BSS_PARENT_TSF, NL80211_BSS_PARENT_BSSID, + NL80211_BSS_CHAIN_SIGNAL, /* keep last */ __NL80211_BSS_AFTER_LAST, @@ -3878,10 +3965,12 @@ enum nl80211_key_type { * enum nl80211_mfp - Management frame protection state * @NL80211_MFP_NO: Management frame protection not used * @NL80211_MFP_REQUIRED: Management frame protection required + * @NL80211_MFP_OPTIONAL: Management frame protection is optional */ enum nl80211_mfp { NL80211_MFP_NO, NL80211_MFP_REQUIRED, + NL80211_MFP_OPTIONAL, }; enum nl80211_wpa_versions { @@ -4838,6 +4927,24 @@ enum nl80211_feature_flags { * RSSI threshold values to monitor rather than exactly one threshold. * @NL80211_EXT_FEATURE_FILS_SK_OFFLOAD: Driver SME supports FILS shared key * authentication with %NL80211_CMD_CONNECT. + * @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK: Device wants to do 4-way + * handshake with PSK in station mode (PSK is passed as part of the connect + * and associate commands), doing it in the host might not be supported. + * @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X: Device wants to do doing 4-way + * handshake with 802.1X in station mode (will pass EAP frames to the host + * and accept the set_pmk/del_pmk commands), doing it in the host might not + * be supported. + * @NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME: Driver is capable of overriding + * the max channel attribute in the FILS request params IE with the + * actual dwell time. + * @NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP: Driver accepts broadcast probe + * response + * @NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE: Driver supports sending + * the first probe request in each channel at rate of at least 5.5Mbps. + * @NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION: Driver supports + * probe request tx deferral and suppression + * @NL80211_EXT_FEATURE_MFP_OPTIONAL: Driver supports the %NL80211_MFP_OPTIONAL + * value in %NL80211_ATTR_USE_MFP. * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. @@ -4858,6 +4965,13 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI, NL80211_EXT_FEATURE_CQM_RSSI_LIST, NL80211_EXT_FEATURE_FILS_SK_OFFLOAD, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X, + NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME, + NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP, + NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE, + NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION, + NL80211_EXT_FEATURE_MFP_OPTIONAL, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, @@ -4934,12 +5048,28 @@ enum nl80211_timeout_reason { * locally administered 1, multicast 0) is assumed. * This flag must not be requested when the feature isn't supported, check * the nl80211 feature flags for the device. + * @NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME: fill the dwell time in the FILS + * request parameters IE in the probe request + * @NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP: accept broadcast probe responses + * @NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE: send probe request frames at + * rate of at least 5.5M. In case non OCE AP is dicovered in the channel, + * only the first probe req in the channel will be sent in high rate. + * @NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION: allow probe request + * tx deferral (dot11FILSProbeDelay shall be set to 15ms) + * and suppression (if it has received a broadcast Probe Response frame, + * Beacon frame or FILS Discovery frame from an AP that the STA considers + * a suitable candidate for (re-)association - suitable in terms of + * SSID and/or RSSI */ enum nl80211_scan_flags { - NL80211_SCAN_FLAG_LOW_PRIORITY = 1<<0, - NL80211_SCAN_FLAG_FLUSH = 1<<1, - NL80211_SCAN_FLAG_AP = 1<<2, - NL80211_SCAN_FLAG_RANDOM_ADDR = 1<<3, + NL80211_SCAN_FLAG_LOW_PRIORITY = 1<<0, + NL80211_SCAN_FLAG_FLUSH = 1<<1, + NL80211_SCAN_FLAG_AP = 1<<2, + NL80211_SCAN_FLAG_RANDOM_ADDR = 1<<3, + NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME = 1<<4, + NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP = 1<<5, + NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE = 1<<6, + NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION = 1<<7, }; /** From patchwork Sun Jan 28 12:45:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Otcheretianski X-Patchwork-Id: 866810 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="syFhVBYw"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zTp7m0ppgz9t3v for ; Sun, 28 Jan 2018 21:01:24 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=E0lMMXfXnP2tYg9RHgEU5X3+YxiIBBlfb7lUAiIgeJo=; b=syFhVBYw0oANxVRDfoAfDEMvBo eKE53J6cpEN4RovPFlUBqWYmAzPJXNsJ6h9wdM4gDnsxBszLnKxYTETKJzykjcdq7pfUvbAbVfSD/ neitgdKyqSJgDGghrB7FPVOyUA21lwcpsahq9uW/Jjw9trD56vTWcceUz0YlQBhTuXyKUdRH4APhO Yx9LHNI9oSW/NVfdXujkA9/98exxTS+bp0GtrG0IoS2jJ/FBBGY+Ev6R2cfE9dbG80q9ezK1zZn0g LXrZ36+uAeKWTEXDcAF6FUjJo6PAo3CsmDMJDBbCDkoEaGorPlFION7NnYmuPusR/2EdttGCc2vVx mt8fkvPA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1efjlu-0004ti-Pp; Sun, 28 Jan 2018 10:01:10 +0000 Received: from mga12.intel.com ([192.55.52.136]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1efjlr-0004t2-Ep for hostap@lists.infradead.org; Sun, 28 Jan 2018 10:01:08 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Jan 2018 01:47:58 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,426,1511856000"; d="scan'208";a="14046270" Received: from unknown (HELO andrei-XPS-12-9Q33.ger.corp.intel.com) ([10.12.217.183]) by orsmga006.jf.intel.com with ESMTP; 28 Jan 2018 01:47:57 -0800 From: Andrei Otcheretianski To: hostap@lists.infradead.org Subject: [PATCH 2/7] driver_nl80211: support passing PSK on connect Date: Sun, 28 Jan 2018 14:45:32 +0200 Message-Id: <1517143537-7441-3-git-send-email-andrei.otcheretianski@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> References: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> X-Spam-Note: CRM114 invocation failed X-Spam-Score: -1.9 (-) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-1.9 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Eliad Peller , Eliad Peller MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Eliad Peller If the driver advertises WPA_DRIVER_FLAGS_4WAY_HANDSHAKE support, pass the psk on connect. Signed-off-by: Eliad Peller --- src/drivers/driver_nl80211.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 277d529..3267b0e 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -5309,6 +5309,15 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, return -1; } + /* add psk in case of 4way handshake offload */ + if (params->psk && + (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) { + wpa_printf(MSG_DEBUG, "Adding psk (len=32)"); + wpa_hexdump_key(MSG_DEBUG, "PSK", params->psk, 32); + if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk)) + return -1; + } + if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT)) return -1; From patchwork Sun Jan 28 12:45:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Otcheretianski X-Patchwork-Id: 866808 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="RS9k1vqS"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zTnsT0K3wz9s0g for ; Sun, 28 Jan 2018 20:49:01 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=Gij/D48BJEgJaagd5XCN988chD8TlkxrP/s3wb3cbd4=; b=RS9k1vqSniZfLjPGMOgdaOMjnA lXn06+QXkOBmMU/4iB+0orlBGe+QjgIgkmzUYaQrer2LbVVbFXtvQPIPMorEdPH2xS5vZbYN6LywG O1AyavkHaDNjWE2vbtY3+FAl93l8rsPiYSgtES0JU2GbEp4SIGjAWdeVnua81V23hHhfvK0Rkyw/a y3Htj45LY2GFfGAvNaPJYyRu1TI8/nYWDbZFXn3HN8jKHJ0K+qyWu7ZKQggjS/Rd02o1cIgtA7llo mY3sDWGbC5JhqQUo0VAj47fBagu+5xiRc1Hhlj1oOhm4zKMtizl9RWGaLm2NFSQMItxShnDaDAMpE tGIInktQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1efjZf-0008Ei-6h; Sun, 28 Jan 2018 09:48:31 +0000 Received: from mga05.intel.com ([192.55.52.43]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1efjZb-0008EJ-62 for hostap@lists.infradead.org; Sun, 28 Jan 2018 09:48:28 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Jan 2018 01:48:16 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,426,1511856000"; d="scan'208";a="14046301" Received: from unknown (HELO andrei-XPS-12-9Q33.ger.corp.intel.com) ([10.12.217.183]) by orsmga006.jf.intel.com with ESMTP; 28 Jan 2018 01:48:14 -0800 From: Andrei Otcheretianski To: hostap@lists.infradead.org Subject: [PATCH 3/7] driver_nl80211: check 4-way handshake offload support Date: Sun, 28 Jan 2018 14:45:33 +0200 Message-Id: <1517143537-7441-4-git-send-email-andrei.otcheretianski@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> References: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> X-Spam-Note: CRM114 invocation failed X-Spam-Score: -4.2 (----) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-4.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [192.55.52.43 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Andrei Otcheretianski , Eliad Peller , Eliad Peller MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Eliad Peller Set the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag if the driver indicates both 4-way handshake PSK and 1X support. Currently wpa_supplicant doesn't distinguish between 4-way handshake for 1x and PSK, but nl80211 API has different capabilities for each one. Change-Id: Ia8341819ed35f88460813537a8cf4c4ef46c8875 Signed-off-by: Eliad Peller Signed-off-by: Andrei Otcheretianski --- src/drivers/driver_nl80211_capa.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index f11a1d7..fd8b457 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -401,6 +401,12 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, if (ext_feature_isset(ext_features, len, NL80211_EXT_FEATURE_FILS_SK_OFFLOAD)) capa->flags |= WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) && + ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) + capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; } From patchwork Sun Jan 28 12:45:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Otcheretianski X-Patchwork-Id: 866805 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="ffovOX3i"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zTnsJ1rT6z9s0g for ; Sun, 28 Jan 2018 20:48:52 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=HALzGZLgvLojCKP1X8dCLRrWJ2RGHkPfDwVt82WGNj4=; b=ffovOX3ij7mephfxUtBKl4cJKM 2vu9gPBRVcz5P6XS1eVjunj8ZASBpd7rXAfxssuWcuWp8sNiusVkxghKsgn9TlE9fU7+yQW+Cny8i Fcuvd9AX7sSbeaGW1fAoVOjk+rQuH88diISO3iyQRGV9RsomW4qb1oKcsAyYZbYxnAnXHzD5ieJLV J+5l6v18KmEGLn2YB1dlK0tkZwO+1qqcF0MuEA06fu7mw2luau8XpRvuSzgNC71/drSCTIrth6JF7 rrPf6xngE9/XA2K+Uynv7N6Ue7cc3WJG0Z54xOf4hCi6IlaVfMEuMWqR8vTy8DWG3qfGD2Ma3+6ot rsL7eYqQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1efjZo-0008P2-Ms; Sun, 28 Jan 2018 09:48:40 +0000 Received: from mga05.intel.com ([192.55.52.43]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1efjZb-0008EK-64 for hostap@lists.infradead.org; Sun, 28 Jan 2018 09:48:30 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Jan 2018 01:48:18 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,426,1511856000"; d="scan'208";a="14046306" Received: from unknown (HELO andrei-XPS-12-9Q33.ger.corp.intel.com) ([10.12.217.183]) by orsmga006.jf.intel.com with ESMTP; 28 Jan 2018 01:48:17 -0800 From: Andrei Otcheretianski To: hostap@lists.infradead.org Subject: [PATCH 4/7] nl80211: Add API to set the PMK to the driver Date: Sun, 28 Jan 2018 14:45:34 +0200 Message-Id: <1517143537-7441-5-git-send-email-andrei.otcheretianski@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> References: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> X-Spam-Note: CRM114 invocation failed X-Spam-Score: -4.2 (----) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-4.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [192.55.52.43 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Avraham Stern MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Avraham Stern Add support for setting the PMK to the driver. This is used for drivers that support 4 Way handshake offload. Signed-off-by: Avraham Stern --- src/drivers/driver_nl80211.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 3267b0e..b67f4a7 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -2781,6 +2781,40 @@ static int issue_key_mgmt_set_key(struct wpa_driver_nl80211_data *drv, } #endif /* CONFIG_DRIVER_NL80211_QCA */ +static int wpa_driver_nl80211_set_pmk(struct wpa_driver_nl80211_data *drv, + const u8 *key, size_t key_len, + const u8 *addr) +{ + struct nl_msg *msg = NULL; + int ret; + + /* + * If the authenticator address is not set, assume it is + * the current BSSID. + */ + if (!addr && drv->associated) + addr = drv->bssid; + else if (!addr) + return -1; + + msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_PMK); + if (!msg || + nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) || + nla_put(msg, NL80211_ATTR_PMK, key_len, key)) { + nl80211_nlmsg_clear(msg); + nlmsg_free(msg); + return -ENOBUFS; + } + + ret = send_and_recv_msgs(drv, msg, NULL, (void *) -1); + if (ret) { + wpa_printf(MSG_DEBUG, + "nl80211: Set PMK failed: ret=%d (%s)", + ret, strerror(-ret)); + } + + return ret; +} static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, enum wpa_alg alg, const u8 *addr, @@ -2820,6 +2854,10 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, } #endif /* CONFIG_DRIVER_NL80211_QCA */ + if (alg == WPA_ALG_PMK && + (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) + return wpa_driver_nl80211_set_pmk(drv, key, key_len, addr); + if (alg == WPA_ALG_NONE) { msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY); if (!msg) From patchwork Sun Jan 28 12:45:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Otcheretianski X-Patchwork-Id: 866807 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="j0FsJ1n0"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zTnsR43Dsz9s0g for ; Sun, 28 Jan 2018 20:48:59 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=gUrxfPkzTgeFYv4lPRkw+3joM14IELsRHpmBOfU0SSI=; b=j0FsJ1n0SY1E9Xokl2Qj/qYtfz LBfMDX2cxCSevAYI3+JV/jZBPBFYzlEBFeFfzBScuIPHp4DRdyruhDMVLAKwWmrTjOS+FTLHGkq+M IN+naX8RVmoNhOj7dmxXveIWQPAHYjdcfRUQ10k3axHCJyQGSMV5FHmJZJLWGMltn4iSDp0zOQ2fD kyadbLiGwb9SZqofuZEUMnKtNZEBrJ6pPCvTO336qKj6Mo2EQrRho66eDxMOavKt/703SvNoWg5jO VDJSyrsBoM56QYpg4s9FSHljRbXDQrfqS3l6etYy6jGu5DfuVfhYjYOsvtgdJQ68jacE6m/f+Ed5o X864119Q==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1efjZi-0008HD-DZ; Sun, 28 Jan 2018 09:48:34 +0000 Received: from mga05.intel.com ([192.55.52.43]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1efjZb-0008EL-65 for hostap@lists.infradead.org; Sun, 28 Jan 2018 09:48:28 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Jan 2018 01:48:20 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,426,1511856000"; d="scan'208";a="14046312" Received: from unknown (HELO andrei-XPS-12-9Q33.ger.corp.intel.com) ([10.12.217.183]) by orsmga006.jf.intel.com with ESMTP; 28 Jan 2018 01:48:19 -0800 From: Andrei Otcheretianski To: hostap@lists.infradead.org Subject: [PATCH 5/7] driver: Add port authorized event Date: Sun, 28 Jan 2018 14:45:35 +0200 Message-Id: <1517143537-7441-6-git-send-email-andrei.otcheretianski@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> References: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> X-Spam-Note: CRM114 invocation failed X-Spam-Score: -4.2 (----) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-4.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [192.55.52.43 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Avraham Stern MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Avraham Stern Add an event that indicates that the 4 way handshake was completed by the driver. This event is useful for networks that require 802.1X authentication. The driver can use this event that a new connection is already authorized (e.g. when the driver used PMKSA caching) and 802.1X authentication is not required. Signed-off-by: Avraham Stern --- src/drivers/driver.h | 9 +++++++++ src/drivers/driver_common.c | 1 + 2 files changed, 10 insertions(+) diff --git a/src/drivers/driver.h b/src/drivers/driver.h index f28bd2b..e26479f 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -4507,6 +4507,15 @@ enum wpa_event_type { * performed before start operating on this channel. */ EVENT_DFS_PRE_CAC_EXPIRED, + + /** + * EVENT_PORT_AUTHORIZED - Notification that a connection is authorized + * + * This event should be indicated when the driver completes the 4 Way + * handshake. This event should be preceded by an EVENT_ASSOC that + * indicates the completion of 802.11 association. + */ + EVENT_PORT_AUTHORIZED, }; diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c index 0464304..f448ba3 100644 --- a/src/drivers/driver_common.c +++ b/src/drivers/driver_common.c @@ -82,6 +82,7 @@ const char * event_to_string(enum wpa_event_type event) E2S(P2P_LO_STOP); E2S(BEACON_LOSS); E2S(DFS_PRE_CAC_EXPIRED); + E2S(PORT_AUTHORIZED); } return "UNKNOWN"; From patchwork Sun Jan 28 12:45:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Otcheretianski X-Patchwork-Id: 866806 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="UY6uFqX1"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zTnsP14YNz9s0g for ; Sun, 28 Jan 2018 20:48:57 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=1icJLa714lT6Lugaq8HAsnPWC/rUEoQfZu6VoZFYQx4=; b=UY6uFqX1DEx1VV3AvU/KhZbKGC Xj0msxHuMFxNcHhK4Z1+XgAplJ7x8hlYvLLPui81l6drEUmEDrnC3VOA2LFOYbO5/4d5bqoVllayD d+El2CXhvNCb3dm0f5fyvJSYdmH48brtsO/02AmQZ/l/lpzEb32N3grWBLiuHOfZMDsX+6vvZCGue 9uGnCvm7nc5E0XetG3+DS9NYe/fHPAuZ3tbz6uHqVvYXig9jHKTvbOM3oYnGjSGH2dRuvPQliQcBt UWFEsTzByVuYyupL3lQlYYqCuIJndEVs/2HTDRarHhg5L6HKr3qNxtBpnO/0jJIJ73Hgxu9oHbjk8 /DGCn6Ow==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1efjZv-000057-HQ; Sun, 28 Jan 2018 09:48:47 +0000 Received: from mga05.intel.com ([192.55.52.43]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1efjZc-0008EJ-Ir for hostap@lists.infradead.org; Sun, 28 Jan 2018 09:48:30 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Jan 2018 01:48:22 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,426,1511856000"; d="scan'208";a="14046318" Received: from unknown (HELO andrei-XPS-12-9Q33.ger.corp.intel.com) ([10.12.217.183]) by orsmga006.jf.intel.com with ESMTP; 28 Jan 2018 01:48:21 -0800 From: Andrei Otcheretianski To: hostap@lists.infradead.org Subject: [PATCH 6/7] nl80211: Handle port authorized event Date: Sun, 28 Jan 2018 14:45:36 +0200 Message-Id: <1517143537-7441-7-git-send-email-andrei.otcheretianski@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> References: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> X-Spam-Note: CRM114 invocation failed X-Spam-Score: -4.2 (----) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-4.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [192.55.52.43 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Avraham Stern MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Avraham Stern Indicate that the connection is authorized when receiving a port authorized event from the driver. Signed-off-by: Avraham Stern --- src/drivers/driver_nl80211_event.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index 1b5be97..2a37979 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -2175,6 +2175,25 @@ static void nl80211_reg_change_event(struct wpa_driver_nl80211_data *drv, } +static void nl80211_port_authorized(struct wpa_driver_nl80211_data *drv, + struct nlattr **tb) +{ + if (!tb[NL80211_ATTR_MAC]) { + wpa_printf(MSG_DEBUG, + "nl80211: Ignore port authorized event without BSSID"); + return; + } + + if (os_memcmp(nla_data(tb[NL80211_ATTR_MAC]), drv->bssid, ETH_ALEN)) { + wpa_printf(MSG_DEBUG, + "nl80211: Ignore port authorized event not for the currently connected BSSID"); + return; + } + + wpa_supplicant_event(drv->ctx, EVENT_PORT_AUTHORIZED, NULL); +} + + static void do_process_drv_event(struct i802_bss *bss, int cmd, struct nlattr **tb) { @@ -2373,6 +2392,9 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd, case NL80211_CMD_NEW_PEER_CANDIDATE: nl80211_new_peer_candidate(drv, tb); break; + case NL80211_CMD_PORT_AUTHORIZED: + nl80211_port_authorized(drv, tb); + break; default: wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " "(cmd=%d)", cmd); From patchwork Sun Jan 28 12:45:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrei Otcheretianski X-Patchwork-Id: 866809 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="u5azXNAr"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [65.50.211.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zTnsX3LhNz9s0g for ; Sun, 28 Jan 2018 20:49:04 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=OzQan1ff4d8FgwQ4GP06rJbjg3mzSbXgSpi8jiC4FJE=; b=u5azXNArp/03LM9WHvBUUJPV7s WanRXftPDQLyAMkXkV2dZRd19Oc/JF9Hi2jadOptqWAlUuBZG2tGIiu7WHHYcPiJ3lB+QN+OqhI6c y1BrkAPFTFrDB18mmD6YSHddt5ZX5Ux3K0uSsYj1K/GVOifqe1cxaL1cTmCAC06Wn7kWr4hPQ4nkB edAnTCpcP4CE7noYUh058mMTqVyo1nHPoPot7XsThsOLo8zDNx1Pqr+IhFtt65DAqdWVb+WjS1FLe MBSz4/JCo00ZK/JA7iebw77pSjyfS/r7BsDyrJ5M9JiP4IpmIDfe22AO2Cf5uEb+HhggKvY81rrir LlgZ2yrQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux)) id 1efja2-0000Dy-D9; Sun, 28 Jan 2018 09:48:54 +0000 Received: from mga05.intel.com ([192.55.52.43]) by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux)) id 1efjZc-0008EL-KR for hostap@lists.infradead.org; Sun, 28 Jan 2018 09:48:30 +0000 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Jan 2018 01:48:24 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,426,1511856000"; d="scan'208";a="14046324" Received: from unknown (HELO andrei-XPS-12-9Q33.ger.corp.intel.com) ([10.12.217.183]) by orsmga006.jf.intel.com with ESMTP; 28 Jan 2018 01:48:23 -0800 From: Andrei Otcheretianski To: hostap@lists.infradead.org Subject: [PATCH 7/7] wpa_supplicant: Handle port authorized event Date: Sun, 28 Jan 2018 14:45:37 +0200 Message-Id: <1517143537-7441-8-git-send-email-andrei.otcheretianski@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> References: <1517143537-7441-1-git-send-email-andrei.otcheretianski@intel.com> X-Spam-Note: CRM114 invocation failed X-Spam-Score: -4.2 (----) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-4.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium trust [192.55.52.43 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Avraham Stern MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Avraham Stern When the driver indicates that the connection is authorized (i.e. the 4 way handshake was completed by the driver), cancel the EAP authentication timeout and set the EAP state machine to success state. Signed-off-by: Avraham Stern --- wpa_supplicant/events.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 8e46b76..fd4c34a 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -3760,18 +3760,26 @@ static void wpa_supplicant_notify_avoid_freq(struct wpa_supplicant *wpa_s, } -static void wpa_supplicant_event_assoc_auth(struct wpa_supplicant *wpa_s, - union wpa_event_data *data) +static void wpa_supplicant_event_port_authorized(struct wpa_supplicant *wpa_s) { - wpa_dbg(wpa_s, MSG_DEBUG, - "Connection authorized by device, previous state %d", - wpa_s->wpa_state); if (wpa_s->wpa_state == WPA_ASSOCIATED) { wpa_supplicant_cancel_auth_timeout(wpa_s); wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); eapol_sm_notify_portValid(wpa_s->eapol, TRUE); eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); } +} + + +static void wpa_supplicant_event_assoc_auth(struct wpa_supplicant *wpa_s, + union wpa_event_data *data) +{ + wpa_dbg(wpa_s, MSG_DEBUG, + "Connection authorized by device, previous state %d", + wpa_s->wpa_state); + + wpa_supplicant_event_port_authorized(wpa_s); + wpa_sm_set_rx_replay_ctr(wpa_s->wpa, data->assoc_info.key_replay_ctr); wpa_sm_set_ptk_kck_kek(wpa_s->wpa, data->assoc_info.ptk_kck, data->assoc_info.ptk_kck_len, @@ -4579,6 +4587,9 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event, wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_BEACON_LOSS); bgscan_notify_beacon_loss(wpa_s); break; + case EVENT_PORT_AUTHORIZED: + wpa_supplicant_event_port_authorized(wpa_s); + break; default: wpa_msg(wpa_s, MSG_INFO, "Unknown event %d", event); break;